A Vision of the Role for Machines in Security

RSA President Rohit Ghai is joined by cybersecurity strategist Niloofar Razi Howe in a keynote presentation. (Photo by Mathew Schwartz)

One of the biggest leaps over the next four decades will be humans and machines working in cooperation to solve the problems that face the planet, whether it's a lack of drinking water or ensuring that the global supply chain functions correctly, says RSA President Rohit Ghai, who kicked off the Tuesday keynote presentation at the RSA Conference 2019 in San Francisco.

This is the concept of "trustworthy twins," where humans and machines work together, each focusing on the areas for which they are best suited, Ghai said. That means combining human creativity with a machine's ability to quickly and reliably find answers to questions. It's based on the notion of pair programming, where two developers can write better and more secure code compared to a solo effort by one engineer, the RSA president said.

"Stop waiting for humans or machines to get better at things they are terrible at," Ghai said. "Implement a security program with machines and humans working together. Humans asking questions; machines hunting answers."

Protecting Trust

Joining Ghai during Tuesday's keynote, Niloofar Razi Howe, a cybersecurity strategist and entrepreneur, addressed the role that trust plays in security and how it will evolve.

"Trust does not require perfection. It requires transparency, accountability, honesty and reliability," she said. She also noted that the industry needs better digital risk management technology to help solve many of these issues.

"What we protect is not applications or data or critical infrastructure. We are in the business of protecting trust," Ghai added.

Coming to Grips With AI

Following Ghai and Razi Howe, Steve Grobman, the CTO of McAfee, took to the stage to describe the benefits and drawbacks of artificial intelligence.

Grobman spoke about the many benefits that the industry points to when discussing machine learning and artificial intelligence, including helping to fill the skills gap when it comes to building a better cyber defense or analyzing data.

At the same time, cybercriminals and threat actors can turn these technologies to their advantage, such as with deep fakes on social media. False positives generated by machines also remain a concern.

"We must embrace AI but never ignore its limitations," Grobman said. "It's just math. It's fragile. And there is a cost to both false positives and false negatives."

IT and OT Convergence

Wrapping up the opening session, Matt Watchinski, vice president of Cisco Talos, and Liz Centoni, senior vice president of Cisco IoT, spoke about the dangers facing companies that are investing heavily in internet of things devices as part of digital transformation.

Watchinski spoke about Talos' role in exposing VPNFilter, malware that managed to create a botnet comprising some 500,000 connected devices, including home routers and storage devices. The FBI eventually disabled the botnet, which authorities believe was the work of the Russian-backed group called Sofacy, which also goes by the names Fancy Bear and APT28.

One area where IoT has made serious inroads is the manufacturing sector, and as these factories become more and more connected, security teams have attempted to bridge the gap between IT and operational technology, Centoni said. This is difficult because IT and OT have different agendas and different approaches, and what works for one might not work for the other, she added.

About the Author

Ferguson is the managing editor for the news desk at Information Security Media Group. He's been covering the IT industry for more than 13 years. Before joining ISMG, Ferguson was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.
